From 54640cc362499dc913e4d33864c1a148088349e1 Mon Sep 17 00:00:00 2001 From: atsikham Date: Mon, 24 May 2021 00:47:08 +0200 Subject: [PATCH] Ubuntu installation except pgbouncer --- .../extensions/replication/extension.yml | 108 +++++++++--------- .../tasks/extensions/replication/packages.yml | 2 +- .../playbooks/roles/postgresql/tasks/main.yml | 104 ++++++++--------- .../postgresql.conf.j2} | 3 +- .../playbooks/roles/preflight/tasks/apply.yml | 6 +- .../centos-7/requirements.x86_64.txt | 2 +- .../redhat-7/requirements.x86_64.txt | 2 +- .../ubuntu-18.04/add-repositories.sh | 3 + .../ubuntu-18.04/requirements.x86_64.txt | 4 +- 9 files changed, 117 insertions(+), 117 deletions(-) rename core/src/epicli/data/common/ansible/playbooks/roles/postgresql/{files/postgresql.conf => templates/postgresql.conf.j2} (99%) diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/extensions/replication/extension.yml b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/extensions/replication/extension.yml index 18ff2e2a77..8c4010c70c 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/extensions/replication/extension.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/extensions/replication/extension.yml @@ -9,7 +9,7 @@ # --- Configure users --- -- name: Extensions | Repmgr | Add postgres user to sudoers file +- name: Extensions | Repmgr | Add 'postgres' user to sudoers file lineinfile: path: /etc/sudoers line: >- 
@@ -21,19 +21,22 @@ {{ repmgr.bindir[ansible_os_family] }}/repmgr standby follow validate: 'visudo -cf %s' -- name: Extensions | Repmgr | Create super user in postgresql - become_user: postgres - postgresql_user: - user: "{{ specification.extensions.replication.privileged_user_name }}" - password: "{{ specification.extensions.replication.privileged_user_password }}" - role_attr_flags: LOGIN,SUPERUSER - -- name: Extensions | Repmgr | Create replication user in postgresql +- name: Extensions | Repmgr | Create replication and super users in PostgreSQL become_user: postgres + vars: + _users: + - user: "{{ specification.extensions.replication.privileged_user_name }}" + password: "{{ specification.extensions.replication.privileged_user_password }}" + role_attr_flags: LOGIN,SUPERUSER + - user: "{{ specification.extensions.replication.replication_user_name }}" + password: "{{ specification.extensions.replication.replication_user_password }}" + role_attr_flags: LOGIN,REPLICATION postgresql_user: - user: "{{ specification.extensions.replication.replication_user_name }}" - password: "{{ specification.extensions.replication.replication_user_password }}" - role_attr_flags: LOGIN,REPLICATION + user: "{{ item.user }}" + password: "{{ item.password }}" + role_attr_flags: "{{ item.role_attr_flags }}" + no_log: true + loop: "{{ _users }}" - name: Extensions | Repmgr | Create pgpass file template: 
@@ -69,49 +72,51 @@ vars: node_id: "{{ pg_repmgr_node_id }}" -## On Ubuntu config file location is not set by package (see https://repmgr.org/docs/4.0/packages-debian-ubuntu.html). -## Create symlink to allow using repmgr commands without specifying config file location (which is custom). -## See https://repmgr.org/docs/4.0/configuration-file.html -#- name: Extensions | Repmgr | Debian specific tasks -# when: ansible_os_family == 'Debian' -# block: -# - name: Extensions | Repmgr | Create symlink /etc/repmgr.conf -# file: -# src: "{{ template_repmgr_conf.dest }}" -# dest: /etc/repmgr.conf -# state: link -# owner: postgres -# group: postgres -# when: template_repmgr_conf.dest != '/etc/repmgr.conf' -# -# # For repmgr installed from Ubuntu package additional configuration is required before repmgrd is started as daemon -# - name: Extensions | Repmgr | Set repmgr.conf file in /etc/default/repmgrd -# replace: -# path: /etc/default/repmgrd -# regexp: "^#REPMGRD_CONF=\"/path/to/repmgr.conf\"" -# replace: "REPMGRD_CONF=\"{{ repmgr.config_dir[ansible_os_family] }}/repmgr.conf\"" -# -# - name: Extensions | Repmgr | Enable repmgrd in /etc/default/repmgrd -# replace: -# path: /etc/default/repmgrd -# regexp: "^[#]?REPMGRD_ENABLED=no" -# replace: "REPMGRD_ENABLED=yes" +# On Ubuntu config file location is not set by package (see https://repmgr.org/docs/5.2/packages-debian-ubuntu.html). +# Create symlink to allow using repmgr commands without specifying config file location (which is custom). 
+# See https://repmgr.org/docs/5.2/configuration-file.html +- name: Extensions | Repmgr | Debian specific tasks + when: ansible_os_family == 'Debian' + block: + - name: Extensions | Repmgr | Create symlink /etc/repmgr.conf + file: + src: "{{ template_repmgr_conf.dest }}" + dest: /etc/repmgr.conf + state: link + owner: postgres + group: postgres + when: template_repmgr_conf.dest != '/etc/repmgr.conf' + + # For repmgr installed from Ubuntu package additional configuration is required before repmgrd is started as daemon + - name: Extensions | Repmgr | Set repmgr.conf file in /etc/default/repmgrd + replace: + path: /etc/default/repmgrd + regexp: "^#REPMGRD_CONF=\"/path/to/repmgr.conf\"" + replace: "REPMGRD_CONF=\"{{ repmgr.config_dir[ansible_os_family] }}/repmgr.conf\"" + + - name: Extensions | Repmgr | Enable repmgrd in /etc/default/repmgrd + replace: + path: /etc/default/repmgrd + regexp: "^[#]?REPMGRD_ENABLED=no" + replace: "REPMGRD_ENABLED=yes" - name: Extensions | Repmgr | Check cluster status become_user: postgres command: "{{ repmgr.bindir[ansible_os_family] }}/repmgr cluster show --csv" register: pg_cluster_status - # 25 means there is an error with at least one registered node - # sometimes 'repmgr cluster show' returns 25 code with empty stderr and no explaination - failed_when: pg_cluster_status.rc not in [0, 25] or pg_cluster_status.stdout_lines|length > groups.postgresql|length + changed_when: false + failed_when: false + no_log: true -# There is a preflight check that no more than 2 cluster nodes are supported +# 1. There is a preflight check that no more than 2 cluster nodes are supported +# 2. 
rc = 25 means that there is an error with at least one registered node +# sometimes 'repmgr cluster show' returns 25 code with empty stderr and no explanation - name: Extensions | Repmgr | Set 'pg_is_clustered' fact set_fact: - pg_is_clustered: "{{ pg_cluster_status.stdout_lines | length }} == 2" + pg_is_clustered: "{{ pg_cluster_status.rc in [0, 25] and pg_cluster_status.stdout_lines | length > 1 }}" - name: Extensions | Repmgr | Configure PostgreSQL cluster - when: not pg_is_clustered + when: not pg_is_clustered|bool vars: pg_node_primary: "{{ groups.postgresql[0] }}" # the first node in the group is primary block: @@ -173,7 +178,7 @@ enabled: true - name: Extensions | Repmgr | Check already configured cluster - when: pg_is_clustered + when: pg_is_clustered|bool block: - name: Extensions | Repmgr | Search for a primary node become_user: postgres @@ -190,16 +195,13 @@ block: - name: Extensions | Repmgr | Check if node is not attached to repmgr become_user: postgres - shell: >- - set -o pipefail && - {{ repmgr.bindir[ansible_os_family] }}/repmgr cluster show - | grep -i 'not attached to its upstream node' + command: "{{ repmgr.bindir[ansible_os_family] }}/repmgr cluster show" changed_when: false - register: is_node_not_attached - failed_when: is_node_not_attached.rc not in [0, 1] + register: pg_cluster_status + failed_when: pg_cluster_status.rc not in [0, 25] - name: Extensions | Repmgr | Attach active standby to current primary node - when: is_node_not_attached.stdout | length > 0 + when: "'not attached to its upstream node' in pg_cluster_status.stdout|lower" become: true become_user: postgres become_method: sudo diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/extensions/replication/packages.yml b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/extensions/replication/packages.yml index a74a771a4c..d3e6a076ab 100644 
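Review bot: The rewritten `Check cluster status` task sets `failed_when: false`, so any failure of `repmgr cluster show --csv` (missing binary, unreachable database, wrong config path) now produces `pg_is_clustered: false` and falls through to the `Configure PostgreSQL cluster` block instead of stopping the play. Before this change the task failed on any rc outside `[0, 25]`; keeping that guard, `failed_when: pg_cluster_status.rc not in [0, 25]`, keeps the check fail-closed, and the new `set_fact` expression still handles rc 25. `no_log: true` on the same task also hides the only diagnostic output. If the CSV output carries nothing sensitive (which this hunk does not show), drop it or add a comment saying what it protects. What the configure block does on a node that is already clustered lies outside this hunk, so the impact is inferred.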
--- a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/extensions/replication/packages.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/extensions/replication/packages.yml @@ -8,6 +8,6 @@ Debian: - postgresql-13-repmgr RedHat: - - repmgr13 + - repmgr13-5.2.1 module_defaults: yum: { lock_timeout: "{{ yum_lock_timeout }}" } diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/main.yml index d7c8dc5700..639263cd90 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/main.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: Set facts +- name: Set 'enabled_extensions' fact set_fact: enabled_extensions: >- {{ (_defined_extensions | selectattr('config.enabled') | list) + _undefined_extensions }} @@ -22,6 +22,9 @@ vars: _packages: Debian: + - postgresql-client-common + - postgresql-common + - postgresql-client-13 - postgresql-13 - postgresql-contrib-13 - python-psycopg2 # required for postgresql ansible management 
@@ -33,104 +36,93 @@ # Extension packages need to be installed first to be able to process PostgreSQL config - name: Install extension packages - include_tasks: extensions/{{ data.name }}/packages.yml + include_tasks: extensions/{{ extension.name }}/packages.yml loop_control: - loop_var: data + loop_var: extension loop: "{{ enabled_extensions }}" - name: Create directories and ensure correct permissions file: - path: "{{ item }}" + path: "{{ path }}" state: directory owner: postgres group: postgres mode: u=rwx,g=,o= + loop_control: + loop_var: path loop: - /var/log/postgresql - "{{ pg.data_dir[ansible_os_family] }}" # Permissions should be u=rwx (0700) or u=rwx,g=rx (0750) - name: RedHat | Initialize database + when: ansible_os_family == 'RedHat' block: - - name: Check initialization status (RedHat) + - name: RedHat | Check initialization status stat: path: "{{ pg.config_dir[ansible_os_family] }}/pg_hba.conf" register: pg_hba_conf_stat - - name: Initialize database (RedHat) + - name: RedHat | Initialize database + when: not pg_hba_conf_stat.stat.exists command: /usr/pgsql-13/bin/postgresql-13-setup initdb {{ pg.service_name[ansible_os_family] }} - when: - - not pg_hba_conf_stat.stat.exists - when: - - ansible_os_family == 'RedHat' -- name: Copy pg_hba.conf - template: - src: pg_hba.conf.j2 - dest: "{{ pg.config_dir[ansible_os_family] }}/pg_hba.conf" - owner: postgres - group: postgres - mode: u=rw,g=,o= - backup: true - register: change_pg_hba_conf +- name: Ensure that postgresql service is started + block: + - name: Ensure that postgresql service is started + systemd: + name: "{{ pg.service_name[ansible_os_family] }}" + state: started + enabled: true + + - &check-debian-service + name: Debian | Check that the main service is started + when: ansible_os_family == 'Debian' + systemd: + name: "{{ pg.instantiated_service_name[ansible_os_family] }}" + state: started + enabled: true # Used in postgresql-epiphany.conf.j2 - name: Set runtime_shared_preload_libraries fact 
block: - - name: Collect facts about system services - service_facts: - register: services_state - - name: Get PostgreSQL settings become: true become_user: postgres - vars: - _service: "{{ pg.service_name[ansible_os_family] }}.service" - _state: "{{ ansible_facts.services[_service] }}" postgresql_info: filter: settings register: postgresql_info - when: - - "_service|string in ansible_facts.services" - - "_state|string == 'started'" - name: Set runtime_shared_preload_libraries fact set_fact: runtime_shared_preload_libraries: "{{ postgresql_info.settings.shared_preload_libraries.setting }}" - when: - - postgresql_info.settings is defined -- name: Create Epiphany managed configuration sub-file +- name: Copy PostgreSQL configuration files + vars: + _files: + - pg_hba.conf + - postgresql-epiphany.conf + - postgresql.conf template: - src: postgresql-epiphany.conf.j2 - dest: "{{ pg.config_dir[ansible_os_family] }}/postgresql-epiphany.conf" - owner: postgres - group: postgres - mode: u=rw,g=,o= - register: change_postgresql_epiphany_conf - -- name: Copy postgresql.conf - copy: - src: postgresql.conf - dest: "{{ pg.config_dir[ansible_os_family] }}/postgresql.conf" + src: "{{ file_name }}.j2" + dest: "{{ pg.config_dir[ansible_os_family] }}/{{ file_name }}" owner: postgres group: postgres mode: u=rw,g=,o= backup: true - register: change_postgresql_conf + loop_control: + loop_var: file_name + loop: "{{ _files }}" + register: change_pg_config - name: Restart postgresql service if configuration changed - systemd: - name: "{{ pg.service_name[ansible_os_family] }}" - state: restarted - when: change_pg_hba_conf - or change_postgresql_epiphany_conf - or change_postgresql_conf - -# This is a separate task as service restart runs not each time -- name: Enable postgresql service - systemd: - name: "{{ pg.service_name[ansible_os_family] }}" - enabled: true + block: + - name: Restart postgresql service if configuration changed + systemd: + name: "{{ pg.service_name[ansible_os_family] 
}}" + state: restarted + + - *check-debian-service + when: (change_pg_config.results | map(attribute='changed') | list) is any - name: Configure postgresql logrotate block: diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/files/postgresql.conf b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/templates/postgresql.conf.j2 similarity index 99% rename from core/src/epicli/data/common/ansible/playbooks/roles/postgresql/files/postgresql.conf rename to core/src/epicli/data/common/ansible/playbooks/roles/postgresql/templates/postgresql.conf.j2 index 6d23f04021..58723ba70c 100755 --- a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/files/postgresql.conf +++ b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/templates/postgresql.conf.j2 @@ -1,3 +1,4 @@ +# {{ ansible_managed }} # ----------------------------- # PostgreSQL configuration file # ----------------------------- @@ -38,7 +39,7 @@ # The default values of these variables are driven from the -D command-line # option or PGDATA environment variable, represented here as ConfigDir. -#data_directory = 'ConfigDir' # use data in another directory +data_directory = '{{ pg.data_dir[ansible_os_family] }}' # use data in another directory # (change requires restart) #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file # (change requires restart) diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/preflight/tasks/apply.yml b/core/src/epicli/data/common/ansible/playbooks/roles/preflight/tasks/apply.yml index 4f3ae70beb..1fd1f5b2ac 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/preflight/tasks/apply.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/preflight/tasks/apply.yml 
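Review bot: The new `Ensure that postgresql service is started` block runs before `Copy PostgreSQL configuration files`, so on a first install the server is started and enabled with whatever `pg_hba.conf` the package or `initdb` left in place. The role's own access rules only take effect after the later restart, whereas the removed code templated `pg_hba.conf` before any start or restart. If the early start exists only so that `postgresql_info` can connect, say so in a comment above the block, e.g. `# Started early because postgresql_info needs a running server; the role's pg_hba.conf is applied by the restart below`. Consider also templating `pg_hba.conf` ahead of the start. Whether the packaged defaults are acceptable for that window cannot be judged from this hunk.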
@@ -11,7 +11,7 @@ that: _unsupported_enabled_apps | length == 0 fail_msg: >- Following application(s) are not supported for {{ _k8s_arch }} and cannot be installed: - {{ _unsupported_enabled_apps | map(attribute='name') | join(', ') }} + {{ _unsupported_enabled_apps | map(attribute='name') | list | join(', ') }} success_msg: "All enabled applications are supported for {{ _k8s_arch }}" quiet: true vars: @@ -43,8 +43,8 @@ assert: that: _unsupported_enabled_extensions | length == 0 fail_msg: >- - {{ unsupported_postgres_extensions[_pg_arch] | join(', ') }} extensions are not supported for {{ _pg_arch }} - and cannot be installed + {{ _unsupported_enabled_extensions | map(attribute='name') | list | join(', ') }} extensions are not supported + for {{ _pg_arch }} and cannot be installed success_msg: "All enabled PostgreSQL extensions are supported for current architecture" vars: _pg_arch: >- diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt index a9ac52e734..3f07b9a821 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt @@ -98,7 +98,7 @@ rabbitmq-server-3.8.9 rh-haproxy18 rh-haproxy18-haproxy-syspaths postgresql13-server -repmgr13 +repmgr13-5.2.1 samba-client samba-client-libs # for samba-client samba-common diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt index 1575fdd1e3..6cda295928 100644 
--- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt @@ -94,7 +94,7 @@ rabbitmq-server-3.8.9 rh-haproxy18 rh-haproxy18-haproxy-syspaths postgresql13-server -repmgr13 +repmgr13-5.2.1 samba-client samba-client-libs # for samba-client samba-common diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/add-repositories.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/add-repositories.sh index f42a63c356..24f9f8d691 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/add-repositories.sh +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/add-repositories.sh @@ -24,6 +24,9 @@ echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | tee / wget -qO - https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch | sudo apt-key add - echo "deb https://d3g5vo6xdbdb9a.cloudfront.net/apt stable main" | tee -a /etc/apt/sources.list.d/opendistroforelasticsearch.list +wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - +echo "deb http://apt.postgresql.org/pub/repos/apt bionic-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list + wget -qO - https://dl.2ndquadrant.com/gpg-key.asc | apt-key add - echo "deb https://dl.2ndquadrant.com/default/release/apt bionic-2ndquadrant main" | tee -a /etc/apt/sources.list.d/2ndquadrant-dl-default-release.list 
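Review bot: The added PGDG source line uses `http://apt.postgresql.org/...` while the neighbouring repositories visible in this hunk are all configured over https; switch it to `echo "deb https://apt.postgresql.org/pub/repos/apt bionic-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list`. The signing key is also piped from `wget -qO -` straight into `apt-key add -` with no fingerprint check, and `apt-key add` trusts it for every configured repository, not only PGDG. A comment recording the expected key fingerprint, or a dedicated keyring file referenced with `signed-by=` in the source line, would narrow that trust. The context lines show the same `wget | apt-key add` pattern for the other repositories, so this applies to the whole script, not only to the added lines.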
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.x86_64.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.x86_64.txt index 6b833624d0..be5db23470 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.x86_64.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.x86_64.txt @@ -143,9 +143,11 @@ libsmbclient # for postgres postgresql-client-13 postgresql-13-pgaudit -postgresql-13-repmgr +postgresql-13-repmgr 5.2.1 postgresql-common +postgresql-client-common pgbouncer 1.15.* +pgdg-keyring # for firewalld ipset